AWS Expands Amazon Detective for Kubernetes Workloads on Amazon EKS

Amazon Detective is an AWS security service that lets customers analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities. Recently, AWS announced the expansion of Amazon Detective to Kubernetes workloads on Amazon’s Elastic Kubernetes Service (EKS).

The announcement was made during the annual AWS re:Inforce conference, where the company updates the world and its attendees on the developments in cloud security and related topics. The company first introduced the service in March 2020 – a service that continuously looks at things such as login attempts, API calls, and network traffic from Amazon GuardDuty, AWS CloudTrail, and Amazon Virtual Private Cloud (Amazon VPC) Flow Logs.

After its initial release, the company updated the service with features such as AWS IAM Role session analysis, enhanced IP address analytics, Splunk integration, Amazon S3 and DNS finding types, and the support of AWS Organizations. The service’s latest update is a new feature to expand security investigation coverage for Kubernetes workloads running on Amazon EKS.

Channy Yun, a principal developer advocate for AWS, explains in an AWS news blog post:

When you enable this new feature, Amazon Detective automatically starts ingesting EKS audit logs to capture chronological API activity from users, applications, and the control plane in Amazon EKS for clusters, pods, container images, and Kubernetes subjects (Kubernetes users and service accounts).


When potential threats or suspicious activity are found on Amazon EKS clusters, Amazon Detective creates findings and layers them on top of the entity profiles using Amazon GuardDuty Kubernetes Protection. Subsequently, the new Detective feature can help quickly find the answers to queries like which Kubernetes API methods were used by a Kubernetes user account that was detected as compromised, which pods are hosted in an Amazon Elastic Compute Cloud (Amazon EC2) instance that was discovered by Amazon GuardDuty, or which containers were created from a potentially malicious container image.
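
The first and third of those questions can also be asked of raw Kubernetes audit events directly. The sketch below is an added example, not Amazon Detective's implementation and not code from the AWS post. It assumes audit events in the standard audit.k8s.io/v1 JSON-lines form, logged at a level that records requestObject; all usernames, namespaces and image names are constructed.

```python
import json

# Constructed sample: Kubernetes audit events (audit.k8s.io/v1), one JSON
# object per line. Usernames, namespaces and image names are made up.
SAMPLE_AUDIT_LOG = """
{"stage":"ResponseComplete","verb":"list","requestReceivedTimestamp":"2022-08-01T10:00:05Z","user":{"username":"system:serviceaccount:web:frontend"},"objectRef":{"resource":"secrets","namespace":"web"}}
{"stage":"RequestReceived","verb":"create","requestReceivedTimestamp":"2022-08-01T10:00:09Z","user":{"username":"system:serviceaccount:web:frontend"},"objectRef":{"resource":"pods","namespace":"web"}}
{"stage":"ResponseComplete","verb":"create","requestReceivedTimestamp":"2022-08-01T10:00:09Z","user":{"username":"system:serviceaccount:web:frontend"},"objectRef":{"resource":"pods","namespace":"web","name":"worker-1"},"requestObject":{"spec":{"containers":[{"name":"c","image":"registry.example/untrusted/tool:1.0"}]}}}
{"stage":"ResponseComplete","verb":"get","requestReceivedTimestamp":"2022-08-01T09:59:00Z","user":{"username":"alice"},"objectRef":{"resource":"pods","namespace":"web","name":"api-0"}}
{"stage":"ResponseComplete","verb":"create","requestReceivedTimestamp":"2022-08-01T10:02:00Z","user":{"username":"alice"},"objectRef":{"resource":"pods","namespace":"web","name":"api-1"},"requestObject":{"spec":{"containers":[{"name":"api","image":"registry.example/web/api:2.3"}]}}}
"""


def parse_events(text):
    """Parse JSON-lines audit events, keeping one record per request."""
    events = []
    for line in text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or non-JSON line
        # Each request is logged at several stages; count it once.
        if isinstance(event, dict) and event.get("stage") == "ResponseComplete":
            events.append(event)
    return sorted(events, key=lambda e: e.get("requestReceivedTimestamp", ""))


def api_activity_for_subject(events, username):
    """Chronological (time, verb, resource) calls made by one subject."""
    return [(e.get("requestReceivedTimestamp"), e.get("verb"),
             e.get("objectRef", {}).get("resource", ""))
            for e in events
            if e.get("user", {}).get("username") == username]


def pods_created_from_image(events, image):
    """(namespace, pod, creator) for pod creations that reference the image."""
    hits = []
    for e in events:
        ref = e.get("objectRef", {})
        if e.get("verb") != "create" or ref.get("resource") != "pods":
            continue
        # requestObject is only present at Request/RequestResponse audit level.
        spec = (e.get("requestObject") or {}).get("spec", {})
        containers = spec.get("containers", []) + spec.get("initContainers", [])
        if any(c.get("image") == image for c in containers):
            hits.append((ref.get("namespace"), ref.get("name"), e.get("user", {}).get("username")))
    return hits
```

Pods started by a Deployment or other controller show up with the controller's service account as the creator, so tracing them back to a person means following the earlier event that created the owning object.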

Support for Kubernetes workloads on Amazon EKS in the Detective service was one of the cloud security updates AWS announced at re:Inforce, alongside others such as the new Amazon GuardDuty Malware Protection feature, AWS Wickr, and AWS Marketplace Vendor Insights.

Currently, Amazon Detective for EKS is available in all AWS regions where Amazon Detective is available, and pricing will be based on the volume of audit logs analyzed. Furthermore, there is a free 30-day trial when EKS coverage is enabled, allowing customers to ensure that the capabilities meet their security needs and get an estimate of the service’s monthly cost before committing to paid usage.
